npm - fauxbase - Versions diffs - 0.5.6 → 0.5.7 - Mend

fauxbase 0.5.6 → 0.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -264,8 +264,11 @@ declare class HttpDriver implements Driver {
     private defaultHeaders;
     private endpoints;
     private authProvider;
+    private onUnauthorized;
     constructor(config: HttpDriverOptions);
     setAuthProvider(provider: AuthProvider$1): void;
+    /** @internal — set callback to refresh token on 401 */
+    setOnUnauthorized(handler: () => Promise<boolean>): void;
     registerEndpoint(resource: string, endpoint: string): void;
     private getEndpoint;
     private buildUrl;
@@ -308,6 +311,8 @@ interface AuthState {
     userName?: string;
     role?: string;
     token: string;
+    refreshToken?: string;
+    expiresAt?: number;
 }
 interface AuthContext {
     userId: string;
@@ -318,6 +323,8 @@ declare abstract class AuthService<T extends Entity> extends Service<T> {
     private saveState;
     private httpDriver;
     private authChangeListeners;
+    private refreshTimer;
+    private _isRefreshing;
     /** @internal — called by createClient to wire persistence */
     _initAuth(loadState: () => AuthState | null, saveState: (state: AuthState | null) => void): void;
     /** @internal — called by createClient when using HttpDriver */
@@ -325,16 +332,32 @@ declare abstract class AuthService<T extends Entity> extends Service<T> {
     login(credentials: LoginCredentials): Promise<T>;
     register(data: Partial<T>): Promise<T>;
     logout(): void;
+    /** Manually refresh the token. Returns the new token. */
+    refresh(): Promise<string>;
+    /**
+     * Ensure the token is valid before making a request.
+     * If expired, auto-refreshes. Safe to call concurrently.
+     */
+    ensureValidToken(): Promise<void>;
     get currentUser(): T | null;
     get isLoggedIn(): boolean;
     get token(): string | null;
+    get refreshToken(): string | null;
+    get expiresAt(): number | null;
+    get isExpired(): boolean;
     hasRole(role: string): boolean;
     getAuthContext(): AuthContext | null;
     private localLogin;
     private localRegister;
+    private localRefresh;
     private httpLogin;
     private httpRegister;
+    private httpRefresh;
+    private setAuthFromResponse;
     private generateToken;
+    private generateRefreshToken;
+    private scheduleRefresh;
+    private clearRefreshTimer;
     /** @internal — called by createClient to listen for auth state changes */
     _onAuthChange(listener: () => void): void;
     private persistState;
@@ -454,7 +477,10 @@ interface Preset {
         loginUrl: string;
         registerUrl: string;
         logoutUrl?: string;
+        refreshUrl?: string;
         tokenField: string;
+        refreshTokenField?: string;
+        expiresInField?: string;
         userField: string;
         headerFormat: string;
     };

package/dist/index.d.ts CHANGED Viewed

@@ -264,8 +264,11 @@ declare class HttpDriver implements Driver {
     private defaultHeaders;
     private endpoints;
     private authProvider;
+    private onUnauthorized;
     constructor(config: HttpDriverOptions);
     setAuthProvider(provider: AuthProvider$1): void;
+    /** @internal — set callback to refresh token on 401 */
+    setOnUnauthorized(handler: () => Promise<boolean>): void;
     registerEndpoint(resource: string, endpoint: string): void;
     private getEndpoint;
     private buildUrl;
@@ -308,6 +311,8 @@ interface AuthState {
     userName?: string;
     role?: string;
     token: string;
+    refreshToken?: string;
+    expiresAt?: number;
 }
 interface AuthContext {
     userId: string;
@@ -318,6 +323,8 @@ declare abstract class AuthService<T extends Entity> extends Service<T> {
     private saveState;
     private httpDriver;
     private authChangeListeners;
+    private refreshTimer;
+    private _isRefreshing;
     /** @internal — called by createClient to wire persistence */
     _initAuth(loadState: () => AuthState | null, saveState: (state: AuthState | null) => void): void;
     /** @internal — called by createClient when using HttpDriver */
@@ -325,16 +332,32 @@ declare abstract class AuthService<T extends Entity> extends Service<T> {
     login(credentials: LoginCredentials): Promise<T>;
     register(data: Partial<T>): Promise<T>;
     logout(): void;
+    /** Manually refresh the token. Returns the new token. */
+    refresh(): Promise<string>;
+    /**
+     * Ensure the token is valid before making a request.
+     * If expired, auto-refreshes. Safe to call concurrently.
+     */
+    ensureValidToken(): Promise<void>;
     get currentUser(): T | null;
     get isLoggedIn(): boolean;
     get token(): string | null;
+    get refreshToken(): string | null;
+    get expiresAt(): number | null;
+    get isExpired(): boolean;
     hasRole(role: string): boolean;
     getAuthContext(): AuthContext | null;
     private localLogin;
     private localRegister;
+    private localRefresh;
     private httpLogin;
     private httpRegister;
+    private httpRefresh;
+    private setAuthFromResponse;
     private generateToken;
+    private generateRefreshToken;
+    private scheduleRefresh;
+    private clearRefreshTimer;
     /** @internal — called by createClient to listen for auth state changes */
     _onAuthChange(listener: () => void): void;
     private persistState;
@@ -454,7 +477,10 @@ interface Preset {
         loginUrl: string;
         registerUrl: string;
         logoutUrl?: string;
+        refreshUrl?: string;
         tokenField: string;
+        refreshTokenField?: string;
+        expiresInField?: string;
         userField: string;
         headerFormat: string;
     };

package/dist/index.js CHANGED Viewed

@@ -277,10 +277,15 @@ var AuthService = class extends Service {
   saveState = null;
   httpDriver = null;
   authChangeListeners = [];
+  refreshTimer = null;
+  _isRefreshing = null;
   /** @internal — called by createClient to wire persistence */
   _initAuth(loadState, saveState) {
     this.saveState = saveState;
     this.authState = loadState();
+    if (this.authState?.expiresAt) {
+      this.scheduleRefresh();
+    }
   }
   /** @internal — called by createClient when using HttpDriver */
   _setHttpMode(driver) {
@@ -299,9 +304,38 @@ var AuthService = class extends Service {
     return this.localRegister(data);
   }
   logout() {
+    this.clearRefreshTimer();
     this.authState = null;
     this.persistState();
   }
+  /** Manually refresh the token. Returns the new token. */
+  async refresh() {
+    if (!this.authState?.refreshToken) {
+      throw new ForbiddenError("No refresh token available");
+    }
+    if (this.httpDriver) {
+      return this.httpRefresh();
+    }
+    return this.localRefresh();
+  }
+  /**
+   * Ensure the token is valid before making a request.
+   * If expired, auto-refreshes. Safe to call concurrently.
+   */
+  async ensureValidToken() {
+    if (!this.authState) return;
+    if (!this.authState.expiresAt) return;
+    const buffer = 30 * 1e3;
+    if (Date.now() + buffer >= this.authState.expiresAt) {
+      if (!this._isRefreshing) {
+        this._isRefreshing = this.refresh().then(() => {
+        }).finally(() => {
+          this._isRefreshing = null;
+        });
+      }
+      await this._isRefreshing;
+    }
+  }
   get currentUser() {
     return this.authState ? { id: this.authState.userId, email: this.authState.email } : null;
   }
@@ -311,6 +345,16 @@ var AuthService = class extends Service {
   get token() {
     return this.authState?.token ?? null;
   }
+  get refreshToken() {
+    return this.authState?.refreshToken ?? null;
+  }
+  get expiresAt() {
+    return this.authState?.expiresAt ?? null;
+  }
+  get isExpired() {
+    if (!this.authState?.expiresAt) return false;
+    return Date.now() >= this.authState.expiresAt;
+  }
   hasRole(role) {
     return this.authState?.role === role;
   }
@@ -321,7 +365,7 @@ var AuthService = class extends Service {
       userName: this.authState.userName
     };
   }
-  // --- Local mode (original implementation) ---
+  // --- Local mode ---
   async localLogin(credentials) {
     const { items } = await this.list({ filter: { email: credentials.email } });
     if (items.length === 0) {
@@ -331,14 +375,18 @@ var AuthService = class extends Service {
     if (user.password !== credentials.password) {
       throw new ForbiddenError("Invalid email or password");
     }
+    const expiresAt = Date.now() + 60 * 60 * 1e3;
     this.authState = {
       userId: user.id,
       email: user.email,
       userName: user.name || user.email,
       role: user.role,
-      token: this.generateToken(user)
+      token: this.generateToken(user, expiresAt),
+      refreshToken: this.generateRefreshToken(user),
+      expiresAt
     };
     this.persistState();
+    this.scheduleRefresh();
     return user;
   }
   async localRegister(data) {
@@ -351,16 +399,33 @@ var AuthService = class extends Service {
     }
     const { data: user } = await this.create(data);
     const u = user;
+    const expiresAt = Date.now() + 60 * 60 * 1e3;
     this.authState = {
       userId: u.id,
       email: u.email,
       userName: u.name || u.email,
       role: u.role,
-      token: this.generateToken(u)
+      token: this.generateToken(u, expiresAt),
+      refreshToken: this.generateRefreshToken(u),
+      expiresAt
     };
     this.persistState();
+    this.scheduleRefresh();
     return user;
   }
+  async localRefresh() {
+    const payload = JSON.parse(atob(this.authState.refreshToken));
+    const expiresAt = Date.now() + 60 * 60 * 1e3;
+    this.authState = {
+      ...this.authState,
+      token: this.generateToken(payload, expiresAt),
+      refreshToken: this.generateRefreshToken(payload),
+      expiresAt
+    };
+    this.persistState();
+    this.scheduleRefresh();
+    return this.authState.token;
+  }
   // --- HTTP mode ---
   async httpLogin(credentials) {
     const preset = this.httpDriver.preset;
@@ -382,17 +447,8 @@ var AuthService = class extends Service {
       throw new ForbiddenError(body2.message ?? "Login failed");
     }
     const body = await response.json();
-    const token = body[preset.auth.tokenField];
-    const user = body[preset.auth.userField] ?? body;
-    this.authState = {
-      userId: user.id,
-      email: user.email ?? credentials.email,
-      userName: user.name || user.email || credentials.email,
-      role: user.role,
-      token
-    };
-    this.persistState();
-    return user;
+    this.setAuthFromResponse(body, preset, credentials.email);
+    return body[preset.auth.userField] ?? body;
   }
   async httpRegister(data) {
     const preset = this.httpDriver.preset;
@@ -411,27 +467,94 @@ var AuthService = class extends Service {
       throw new ForbiddenError(body2.message ?? "Registration failed");
     }
     const body = await response.json();
+    this.setAuthFromResponse(body, preset, data.email);
+    return body[preset.auth.userField] ?? body;
+  }
+  async httpRefresh() {
+    const preset = this.httpDriver.preset;
+    const baseUrl = this.httpDriver.baseUrl;
+    const refreshUrl = preset.auth.refreshUrl;
+    if (!refreshUrl) {
+      throw new ForbiddenError("Refresh URL not configured in preset");
+    }
+    const response = await fetch(`${baseUrl}${refreshUrl}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ refreshToken: this.authState.refreshToken })
+    });
+    if (!response.ok) {
+      this.logout();
+      throw new ForbiddenError("Session expired. Please log in again.");
+    }
+    const body = await response.json();
+    const token = body[preset.auth.tokenField];
+    const refreshToken = preset.auth.refreshTokenField ? body[preset.auth.refreshTokenField] : this.authState.refreshToken;
+    const expiresIn = preset.auth.expiresInField ? body[preset.auth.expiresInField] : null;
+    const expiresAt = expiresIn ? Date.now() + expiresIn * 1e3 : void 0;
+    this.authState = {
+      ...this.authState,
+      token,
+      refreshToken,
+      expiresAt
+    };
+    this.persistState();
+    this.scheduleRefresh();
+    return token;
+  }
+  setAuthFromResponse(body, preset, fallbackEmail) {
     const token = body[preset.auth.tokenField];
     const user = body[preset.auth.userField] ?? body;
+    const refreshToken = preset.auth.refreshTokenField ? body[preset.auth.refreshTokenField] : void 0;
+    const expiresIn = preset.auth.expiresInField ? body[preset.auth.expiresInField] : null;
+    const expiresAt = expiresIn ? Date.now() + expiresIn * 1e3 : void 0;
     this.authState = {
       userId: user.id,
-      email: user.email ?? data.email,
-      userName: user.name || user.email || data.email,
+      email: user.email ?? fallbackEmail,
+      userName: user.name || user.email || fallbackEmail,
       role: user.role,
-      token
+      token,
+      refreshToken,
+      expiresAt
     };
     this.persistState();
-    return user;
+    this.scheduleRefresh();
   }
-  generateToken(user) {
+  // --- Token generation (local mode) ---
+  generateToken(user, expiresAt) {
     return btoa(JSON.stringify({
-      userId: user.id,
+      userId: user.id ?? user.userId,
       email: user.email,
       role: user.role,
       iat: Date.now(),
-      exp: Date.now() + 24 * 60 * 60 * 1e3
+      exp: expiresAt
     }));
   }
+  generateRefreshToken(user) {
+    return btoa(JSON.stringify({
+      userId: user.id ?? user.userId,
+      email: user.email,
+      role: user.role,
+      type: "refresh",
+      iat: Date.now()
+    }));
+  }
+  // --- Refresh scheduling ---
+  scheduleRefresh() {
+    this.clearRefreshTimer();
+    if (!this.authState?.expiresAt) return;
+    const delay = this.authState.expiresAt - Date.now() - 60 * 1e3;
+    if (delay <= 0) return;
+    this.refreshTimer = setTimeout(() => {
+      this.refresh().catch(() => {
+      });
+    }, delay);
+  }
+  clearRefreshTimer() {
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+  }
   /** @internal — called by createClient to listen for auth state changes */
   _onAuthChange(listener) {
     this.authChangeListeners.push(listener);
@@ -1035,7 +1158,10 @@ var springBootPreset = definePreset({
   auth: {
     loginUrl: "/api/auth/login",
     registerUrl: "/api/auth/register",
+    refreshUrl: "/api/auth/refresh",
     tokenField: "token",
+    refreshTokenField: "refreshToken",
+    expiresInField: "expiresIn",
     userField: "user",
     headerFormat: "Bearer {token}"
   }
@@ -1275,6 +1401,7 @@ var HttpDriver = class {
   defaultHeaders;
   endpoints = /* @__PURE__ */ new Map();
   authProvider = null;
+  onUnauthorized = null;
   constructor(config) {
     this.baseUrl = config.baseUrl.replace(/\/$/, "");
     this.preset = typeof config.preset === "string" ? getPreset(config.preset ?? "default") : config.preset ?? getPreset("default");
@@ -1286,6 +1413,10 @@ var HttpDriver = class {
   setAuthProvider(provider) {
     this.authProvider = provider;
   }
+  /** @internal — set callback to refresh token on 401 */
+  setOnUnauthorized(handler) {
+    this.onUnauthorized = handler;
+  }
   registerEndpoint(resource, endpoint) {
     this.endpoints.set(resource, endpoint);
   }
@@ -1319,6 +1450,12 @@ var HttpDriver = class {
       });
       clearTimeout(timer);
       if (!response.ok) {
+        if (response.status === 401 && retryCount === 0 && this.onUnauthorized) {
+          const refreshed = await this.onUnauthorized();
+          if (refreshed) {
+            return this._fetch(url, options, 1);
+          }
+        }
         if (response.status >= 500 && retryCount < this.maxRetries) {
           const delay = this.baseDelay * Math.pow(2, retryCount);
           await new Promise((r) => setTimeout(r, delay));
@@ -1682,10 +1819,25 @@ function createClient(config) {
     } else if (defaultDriver instanceof HttpDriver) {
       authInstance._init(defaultDriver, resourceName);
       defaultDriver.registerEndpoint(resourceName, authInstance.endpoint);
+      const hasLocalStorage = typeof localStorage !== "undefined";
+      const LS_AUTH_KEY = "fauxbase:auth";
       let memoryAuthState = null;
       authInstance._initAuth(
-        () => memoryAuthState,
+        () => {
+          if (hasLocalStorage) {
+            const raw = localStorage.getItem(LS_AUTH_KEY);
+            return raw ? JSON.parse(raw) : null;
+          }
+          return memoryAuthState;
+        },
         (state) => {
+          if (hasLocalStorage) {
+            if (state) {
+              localStorage.setItem(LS_AUTH_KEY, JSON.stringify(state));
+            } else {
+              localStorage.removeItem(LS_AUTH_KEY);
+            }
+          }
           memoryAuthState = state;
         }
       );
@@ -1694,6 +1846,14 @@ function createClient(config) {
         const token = authInstance.token;
         return token ? { token } : null;
       });
+      defaultDriver.setOnUnauthorized(async () => {
+        try {
+          await authInstance.refresh();
+          return true;
+        } catch {
+          return false;
+        }
+      });
     }
     client.auth = authInstance;
     for (const driver of overrideDrivers.values()) {
@@ -1702,6 +1862,14 @@ function createClient(config) {
           const token = client.auth?.token;
           return token ? { token } : null;
         });
+        driver.setOnUnauthorized(async () => {
+          try {
+            await client.auth.refresh();
+            return true;
+          } catch {
+            return false;
+          }
+        });
       }
     }
   }